Information security tips and tricks for both home and business users

Time to Replace Adobe Reader?

The folks over at FireEye discovered a new 0-day vulnerability in Adobe Reader, a vulnerability that’s already being exploited by attackers. By tricking users into opening a malicious PDF files, attackers could potentially open a connection between the user’s machine and their own.

Adobe Reader is everywhere. That’s why it’s such a high profile target for attackers. Look at it from a business perspective. If an attacker is going to invest time and resources in finding software vulnerabilities, as well as the risks that come with creating and distributing malware, it makes good business sense to make sure you’re getting the most bang for your buck. The more systems that a piece of software is installed on, the greater your chances of success.

Keep in mind that no software vendor is immune. All software is vulnerable. The real question is, how vulnerable? In 2012, four (4) code execution vulnerabilities were discovered in Adobe Reader. By comparison, only one (1) code execution vulnerability was discovered in Foxit PDF Reader. When we start to examine the number of vulnerabilities in comparable products, as well as the length of time between “vulnerability discovered” and “patch released,” the numbers don’t lie.